SB2024101780 - Multiple vulnerabilities in cPanel

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Use of cache containing sensitive information (CVE-ID: N/A)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to caching a valid username is auto-populating in the Username login field in some cases/circumstances. A remote attacker can trick the victim to login into the application and obtain the username from the login page cache.

2) Improper access control (CVE-ID: N/A)

The vulnerability allows a remote user to delete another user’s email accounts cache file

The vulnerability exists due to improper access restrictions. A remote user can bypass implemented security restrictions and another user’s email accounts cache file via bin/update_quota_cache.

3) Improper Output Neutralization for Logs (CVE-ID: N/A)

The vulnerability allows a remote attacker to alter information in the log file.

the vulnerability exists due to incorrect processing certain encodings in the cPanel login_log. A remote attacker can craft the username for a failed login attempt so that it would create a confusing multi-line log entry in the login_log. This entry could make it appear that a user successfully logged into the server even though it was just an entry from a failed login attempt.

4) Untrusted search path (CVE-ID: N/A)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to usage of an untrusted search path when loading Perl modules. A local user can place a malicious module into a specific location on the system and execute arbitrary code with escalated privileges.

Remediation

Install update from vendor's website.

References

• https://news.cpanel.com/target-security-release-2024-0001-disclosure/
• https://github.com/perl/perl5/issues/15263